Context: The correct analysis and understanding of security requirements are important because they assist in the discovery of any security or requirement defects or mistakes during the early stages of development. Security requirements engineering is therefore both a central task and a critical success factor in product line development owing to the complexity and extensive nature of software product lines (SPL). However, most of the current SPL practices in requirements engineering do not adequately address security requirements engineering.

Objective: The aim of this approach is to describe a holistic security requirements engineering framework with which to facilitate the development of secure SPLs and their derived products. It will conform with the most relevant security standards with regard to the management of security requirements, such as ISO/IEC 27001 and ISO/IEC 15408.

Results: This framework is composed of: a security requirements engineering process for SPL (SREPPLine) driven by security standards; a Security Reference Meta Model to manage the variability of those SPL artefacts related to security requirements; and a tool (SREPPLineTool) which implements the meta-model and supports the process.

Method: A complete explanation of the framework will be provided. The process will be formally specified with SPEM 2.0 and the repository will be formally specified with an XML grammar. The application of SREPPLine and SREPPLineTool will be illustrated through a description of a simple example as a preliminary validation.

Conclusion: Although there have been several attempts to fill the gap between requirements engineering and SPL requirements engineering, no systematic approach with which to define security quality requirements and to manage their variability and their related security artefacts in SPL models is, as yet, available. The contribution of this work is that of providing a systematic approach for the management of the security requirements and their variability from the early stages of product line development in order to facilitate the conformance of SPL products with the most relevant security standards.